Lucene search

K
patchstackRaad HaddadPATCHSTACK:AE7094A1D77CE1023500CFB74E57A270
HistoryJul 07, 2022 - 12:00 a.m.

WordPress Popups plugin <= 1.9.3.8 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

2022-07-0700:00:00
Raad Haddad
patchstack.com
3

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Raad Haddad in WordPress Popups plugin (versions <= 1.9.3.8).

Solution

Deactivate and delete. This plugin has been closed as of July 5, 2022 and is not available for download. This closure is temporary, pending a full review.

CPENameOperatorVersion
popupsle1.9.3.8

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Related for PATCHSTACK:AE7094A1D77CE1023500CFB74E57A270